v23.11.1 (#31)

* fix: add --init switch

* feat(do): rework tags

* feat(aws): rework tags, bump versions

* feat(aws): test kms_key_administrators

Author: VladyslavKurmaz

.gitignore

@@ -22,7 +22,6 @@
 **/.env
 .kube.config*
 **/backend.tf
-secrets
 
 # ignore .pem
 *.pem

.tln.conf

@@ -114,6 +114,7 @@ module.exports = {
     args
       .prefix('TLN_CLOUDS')
       .option('backend',      { describe: 'Defines which backend provider should be used (cloud, pg)', default: null, type: 'string' })
+      .option('tenant',       { describe: 'Tenant Id', default: null, type: 'string' })
       .option('state',        { describe: 'Defines how store name will be built: project,provider,group,env,layer,tenant,<custom_string>', default: 'project,provider,group,env,layer', type: 'string' })
       .option('init',         { describe: 'Run Terraform init', default: false, type: 'boolean' })
       .option('upgrade',      { describe: 'Run Terraform upgrade mode for init', default: false, type: 'boolean' })
@@ -127,11 +128,9 @@ module.exports = {
     ;
   },
   env: async (tln, env) => {
-    // DO - provider layer
-    //env.TF_VAR_domain_tag = 'tln-sh';
-    //env.TF_VAR_private_key = path.join(__dirname, 'secrets', 'tln.sh.key');
-    //env.TF_VAR_certificate_chain = path.join(__dirname, 'secrets', 'tln.sh.ca-bundle');
-    //env.TF_VAR_leaf_certificate = path.join(__dirname, 'secrets', 'tln.sh.crt');
+    if (env.TLN_CLOUDS_TENANT) {
+      env.TF_VAR_tenant_id = env.TLN_CLOUDS_TENANT;
+    }
   },
   dotenvs: async (tln) => ['.env'],
   inherits: async (tln) => [],
@@ -145,6 +144,11 @@ module.exports = {
         script.set(getScript(script.env, true));
       }
     },
+    { id: 'get-bastion', builder: async (tln, script) => {
+      script.set([
+        `tln exec -c 'cd network && terraform output bastion_remote_address'`,
+      ]);
+    }},
     { id: 'bridge', builder: async (tln, script) => {
         const port = script.env.TLN_CLOUDS_BRIDGE_PORT;
         switch (script.env.TLN_COMPONENT_ID) {
@@ -192,20 +196,25 @@ sshuttle --dns${daemon} -vr ${script.env.TLN_CLOUDS_BASTION} 0/0 --ssh-cmd 'ssh
       }
     },
     { id: 'up', builder: async (tln, script) => {
+        const tenant = (script.env.TF_VAR_tenant_id) ? `tln construct -- --backend cloud --init --apply --layers tenant --state project,provider,group,env,tenant --tenant ${script.env.TF_VAR_tenant_id}` : '';
         script.set([`
-tln construct -- --backend cloud --apply --layers provider --state project,provider
-tln construct -- --backend cloud --apply --layers group --state project,provider,group
-tln construct -- --backend cloud --apply --layers network,managed,app
-tln construct -- --backend cloud --apply --layers tenant --state project,provider,group,env,${script.env.TF_VAR_tenant_id}
+tln construct -- --backend cloud --init --apply --layers provider --state project,provider
+tln construct -- --backend cloud --init --apply --layers group --state project,provider,group
+tln construct -- --backend cloud --init --apply --layers network
+#tln sshuttle -- --bastion user@ip --deamon
+tln construct -- --backend cloud --init --apply --layers managed,app
+${tenant}
         `]);
       }
     },
     { id: 'down', builder: async (tln, script) => {
+      const tenant = (script.env.TF_VAR_tenant_id) ? `tln deconstruct -- --backend cloud --init --apply --layers tenant --state project,provider,group,env,tenant --tenant ${script.env.TF_VAR_tenant_id}` : ''
         script.set([`
-tln deconstruct -- --backend cloud --apply --layers tenant --state project,provider,group,env,${script.env.TF_VAR_tenant_id}
-tln deconstruct -- --backend cloud --apply --layers network,managed,app
-tln deconstruct -- --backend cloud --apply --layers group --state project,provider,group
-tln deconstruct -- --backend cloud --apply --layers provider --state project,provider
+#tln sshuttle -- --bastion user@ip --deamon
+${tenant}
+tln deconstruct -- --backend cloud --init --apply --layers network,managed,app
+tln deconstruct -- --backend cloud --init --apply --layers group --state project,provider,group
+tln deconstruct -- --backend cloud --init --apply --layers provider --state project,provider
         `]);
       }
     },

README.md

@@ -16,7 +16,7 @@
 * Install [tln](https://www.npmjs.com/package/tln-cli)
 * Goto **projects** folder from tln-cli installation above and clone repository
   ```
-  git clone --depth 1 --branch v23.9.0 git@github.com:project-talan/tln-clouds.git && cd tln-clouds
+  git clone --depth 1 --branch v23.11.1 git@github.com:project-talan/tln-clouds.git && cd tln-clouds
   ```
 > Important<br>
 > Commands below assume that Terraform Cloud is used as a storage for states<br/>

aws/.env.template

@@ -1,7 +1,5 @@
 AWS_ACCESS_KEY_ID=
 AWS_SECRET_ACCESS_KEY=
-AWS_SESSION_TOKEN=
-
 AWS_DEFAULT_REGION=eu-central-1
 
 TF_VAR_aws_k8s_version=1.28

aws/app/main.tf

@@ -1,8 +1,7 @@
 module "shared" {
-  source        = "../../shared"
-  org_id      = var.org_id
-  project_id  = var.project_id
-  group_id    = var.group_id
-  env_id      = var.env_id
-  tenant_id   = var.tenant_id
+  source = "../../shared"
+  org_id = var.org_id
+  project_id = var.project_id
+  group_id = var.group_id
+  env_id = var.env_id
 }

aws/app/variables.tf

@@ -1,5 +1,12 @@
-variable "org_id"     { type = string }
-variable "project_id" { type = string }
-variable "group_id"   { type = string }
-variable "env_id"     { type = string }
-variable "tenant_id"  { type = string }
+variable "org_id" {
+  type = string
+}
+variable "project_id" {
+  type = string 
+}
+variable "group_id" {
+  type = string 
+}
+variable "env_id" {
+  type = string 
+}

aws/group/main.tf

@@ -1,8 +1,6 @@
 module "shared" {
-  source        = "../../shared"
-  org_id      = var.org_id
-  project_id  = var.project_id
-  group_id    = var.group_id
-  env_id      = var.env_id
-  tenant_id   = var.tenant_id
+  source = "../../shared"
+  org_id = var.org_id
+  project_id = var.project_id
+  group_id = var.group_id
 }

aws/group/variables.tf

@@ -1,5 +1,9 @@
-variable "org_id"     { type = string }
-variable "project_id" { type = string }
-variable "group_id"   { type = string }
-variable "env_id"     { type = string }
-variable "tenant_id"  { type = string }
+variable "org_id" {
+  type = string
+}
+variable "project_id" {
+  type = string 
+}
+variable "group_id" {
+  type = string 
+}

aws/managed/main.tf

@@ -1,21 +1,22 @@
 module "shared" {
-  source      = "../../shared"
-  org_id      = var.org_id
-  project_id  = var.project_id
-  group_id    = var.group_id
-  env_id      = var.env_id
-  tenant_id   = var.tenant_id
+  source = "../../shared"
+  org_id = var.org_id
+  project_id = var.project_id
+  group_id = var.group_id
+  env_id = var.env_id
 }
 
 module "eks" {
   source  = "terraform-aws-modules/eks/aws"
-  version = "19.15.3"
+  version = "19.19.0"
 
   cluster_name    = module.shared.k8s_name
   cluster_version = var.aws_k8s_version
   vpc_id          = data.aws_vpc.main.id
   subnet_ids      = data.aws_subnets.private.ids
 
+  //kms_key_administrators = []
+
   eks_managed_node_group_defaults = {
     ami_type = "AL2_x86_64"
 

aws/managed/variables.tf

@@ -1,12 +1,31 @@
-variable "org_id"     { type = string }
-variable "project_id" { type = string }
-variable "group_id"   { type = string }
-variable "env_id"     { type = string }
-variable "tenant_id"  { type = string }
+variable "org_id" {
+  type = string
+}
+variable "project_id" {
+  type = string 
+}
+variable "group_id" {
+  type = string 
+}
+variable "env_id" {
+  type = string 
+}
 
-variable "aws_k8s_version" { type = string }
-variable "aws_k8s_nodes_min" { type = string }
-variable "aws_k8s_nodes_desired" { type = string }
-variable "aws_k8s_nodes_max" { type = string }
-variable "aws_k8s_nodes_size" { type = string }
-variable "aws_k8s_nodes_disk" { type = string }
+variable "aws_k8s_version" {
+  type = string
+}
+variable "aws_k8s_nodes_min" {
+  type = string
+}
+variable "aws_k8s_nodes_desired" {
+  type = string
+}
+variable "aws_k8s_nodes_max" {
+  type = string
+}
+variable "aws_k8s_nodes_size" {
+  type = string
+}
+variable "aws_k8s_nodes_disk" {
+  type = string
+}

aws/network/main.tf

@@ -1,15 +1,14 @@
 module "shared" {
-  source        = "../../shared"
-  org_id      = var.org_id
-  project_id  = var.project_id
-  group_id    = var.group_id
-  env_id      = var.env_id
-  tenant_id   = var.tenant_id
+  source = "../../shared"
+  org_id = var.org_id
+  project_id = var.project_id
+  group_id = var.group_id
+  env_id = var.env_id
 }
 
 module "vpc" {
   source  = "terraform-aws-modules/vpc/aws"
-  version = "5.1.0"
+  version = "5.1.2"
 
   name = module.shared.vpc_name
   cidr = "10.0.0.0/16"

aws/network/variables.tf

@@ -1,5 +1,12 @@
-variable "org_id"     { type = string }
-variable "project_id" { type = string }
-variable "group_id"   { type = string }
-variable "env_id"     { type = string }
-variable "tenant_id"  { type = string }
+variable "org_id" {
+  type = string
+}
+variable "project_id" {
+  type = string 
+}
+variable "group_id" {
+  type = string 
+}
+variable "env_id" {
+  type = string 
+}

aws/provider/main.tf

@@ -1,8 +1,5 @@
 module "shared" {
-  source        = "../../shared"
-  org_id      = var.org_id
-  project_id  = var.project_id
-  group_id    = var.group_id
-  env_id      = var.env_id
-  tenant_id   = var.tenant_id
+  source = "../../shared"
+  org_id = var.org_id
+  project_id = var.project_id
 }

aws/provider/variables.tf

@@ -1,5 +1,7 @@
-variable "org_id"     { type = string }
-variable "project_id" { type = string }
-variable "group_id"   { type = string }
-variable "env_id"     { type = string }
-variable "tenant_id"  { type = string }
+variable "org_id" {
+  type = string
+}
+variable "project_id" {
+  type = string 
+}
+

aws/tenant/main.tf

@@ -1,8 +1,8 @@
 module "shared" {
-  source        = "../../shared"
-  org_id      = var.org_id
-  project_id  = var.project_id
-  group_id    = var.group_id
-  env_id      = var.env_id
-  tenant_id   = var.tenant_id
+  source = "../../shared"
+  org_id = var.org_id
+  project_id = var.project_id
+  group_id = var.group_id
+  env_id = var.env_id
+  tenant_id = var.tenant_id
 }

aws/tenant/variables.tf

@@ -1,5 +1,15 @@
-variable "org_id"     { type = string }
-variable "project_id" { type = string }
-variable "group_id"   { type = string }
-variable "env_id"     { type = string }
-variable "tenant_id"  { type = string }
+variable "org_id" {
+  type = string
+}
+variable "project_id" {
+  type = string 
+}
+variable "group_id" {
+  type = string 
+}
+variable "env_id" {
+  type = string 
+}
+variable "tenant_id" {
+  type = string 
+}

do/app/main.tf

@@ -1,8 +1,7 @@
 module "shared" {
-  source      = "../../shared"
-  org_id      = var.org_id
-  project_id  = var.project_id
-  group_id    = var.group_id
-  env_id      = var.env_id
-  tenant_id   = var.tenant_id
+  source = "../../shared"
+  org_id = var.org_id
+  project_id = var.project_id
+  group_id = var.group_id
+  env_id = var.env_id
 }

do/app/variables.tf

@@ -1,7 +1,16 @@
-variable "org_id"     { type = string }
-variable "project_id" { type = string }
-variable "group_id"   { type = string }
-variable "env_id"     { type = string }
-variable "tenant_id"  { type = string }
+variable "org_id" {
+  type = string
+}
+variable "project_id" {
+  type = string 
+}
+variable "group_id" {
+  type = string 
+}
+variable "env_id" {
+  type = string 
+}
 
-variable "do_region"  { type = string }
+variable "do_region" {
+  type = string
+}

do/group/main.tf

@@ -1,10 +1,8 @@
 module "shared" {
-  source      = "../../shared"
-  org_id      = var.org_id
-  project_id  = var.project_id
-  group_id    = var.group_id
-  env_id      = var.env_id
-  tenant_id   = var.tenant_id
+  source = "../../shared"
+  org_id = var.org_id
+  project_id = var.project_id
+  group_id = var.group_id
 }
 
 resource "digitalocean_tag" "group" {